CVE-2026-32836 - Vulnerability Analysis
Medium | CVSS: 5.5 | Last Updated: March 19, 2026
dr_libs - Denial of Service
Published: March 17, 2026 | Updated: March 19, 2026 | PoC Available
Overview
dr_libs <= 0.13.3 contains a denial-of-service vulnerability caused by uncontrolled memory allocation in drflac__read_and_decode_metadata() when it processes crafted PICTURE metadata blocks, which lets attackers exhaust memory. Exploitation requires a crafted FLAC stream.
Severity & Score
Severity: Medium
CVSS Score: 5.5
Impact
Attackers can cause denial of service by exhausting memory through crafted FLAC metadata.
Mitigation
Update dr_libs to the latest version, later than 0.13.3.
Details
- CVE ID: CVE-2026-32836
- Severity: Medium
- CVSS Score: 5.5
- Type: denial_of_service
- Status: confirmed
CWE
- CWE-789
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H